Pavel Dovgalyuk, Vladimir Makarov, “When stack protection does not protect the stack?”, Proceedings of ISP RAS, 28:5 (2016), 55

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2016, Volume 28, Issue 5, Pages 55–72
DOI: https://doi.org/10.15514/ISPRAS-2016-28(5)-3 (Mi tisp67)

This article is cited in 1 scientific paper (total in 1 paper)

When stack protection does not protect the stack?

Pavel Dovgalyuk, Vladimir Makarov

Novgorod State University

Full-text PDF (802 kB) Citations (1)

References:

PDF

HTML

DOI: https://doi.org/10.15514/ISPRAS-2016-28(5)-3

Abstract: The majority of software vulnerabilities originate from buffer overflow. Techniques to eliminate buffer overflows and limit their damage include secure programming, source code audit, binary code audit, static and dynamic code generation features. Modern compilers implement compile-time and execution time protection schemes, that include variables reordering, inserting canary value, and separate stack for return addresses. Our research is targeted to finding the breaches in the compiler protection methods. We tested MSVC, gcc, and clang and found that two of these compilers have flaws that allow exploiting buffer overwrite under certain conditions.

Keywords: buffer overflow, canary protection, gcc, msvc, clang.

Funding agency	Grant number
Russian Foundation for Basic Research	14-07-00411
The work was partially supported by RFBR, research project No. 14-07-00411 a.

Bibliographic databases:

Document Type: Article

Language: English

Citation: Pavel Dovgalyuk, Vladimir Makarov, “When stack protection does not protect the stack?”, Proceedings of ISP RAS, 28:5 (2016), 55–72

Citation in format AMSBIB

\Bibitem{DovMak16}

\by Pavel Dovgalyuk, Vladimir Makarov

\paper When stack protection does not protect the stack?

\jour Proceedings of ISP RAS

\yr 2016

\vol 28

\issue 5

\pages 55--72

\mathnet{http://mi.mathnet.ru/tisp67}

\crossref{https://doi.org/10.15514/ISPRAS-2016-28(5)-3}

\elib{https://elibrary.ru/item.asp?id=27679150}

Linking options:

https://www.mathnet.ru/eng/tisp67

https://www.mathnet.ru/eng/tisp/v28/i5/p55

This publication is cited in the following 1 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Registration to the website

Logotypes